Hi,

Willy Tarreau <w...@1wt.eu> wrote:
> On Wed, May 13, 2009 at 11:50:07AM +0200, Maik Broemme wrote:
> >
> I don't get you. You mean that simply omitting the "if" between "reject" and
> "cond" is not returned as an error, that's it ? If so, yes I agree that it
> would be better that it yells here. Since I copy-pasted the parser from other
> rules (use_backend, block, redirect, ...) the same problem should be present
> everywhere.
>

Yes exactly, if the "if" word is missing the result is non-working. Nothing
more and nothing less.

> OK, so it's clearly a matter of not reporting that an unknown word is
> present where only {empty, "if", "unless"} are accepted. I'll look into
> that.
>

Many thanks.

> BTW, you can simplify your rules by using two things :
>
> either you make only one ACL :
>     acl localnet dst 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
>     tcp-request content reject if localnet
>
> or you can keep your 3 ACLs but group them into one rule :
>
>     acl localnet-1 dst 192.168.0.0/16
>     acl localnet-2 dst 172.16.0.0/12
>     acl localnet-3 dst 10.0.0.0/8
>     tcp-request content reject if localnet-1 or localnet-2 or localnet-3
>

Many thanks too, didn't know that it is working so too.

> Regards,
> Willy
>

--Maik
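
A pre-deployment check for the problem discussed in this thread, as an added example that is not part of the original messages or of HAProxy: it flags rule lines where the word following the rule is neither `if` nor `unless`, so a silently non-working reject rule is caught before the configuration is loaded. The function name, the rule table (limited to `tcp-request content reject`, `block` and `use_backend <name>`) and the sample configuration are assumptions constructed for illustration.

```python
# Added example: lint an HAProxy configuration for rules whose condition
# is missing the "if"/"unless" keyword (the case discussed in the thread).

# Assumed rule table: keyword prefix -> number of positional words that
# precede the optional condition. Only rules named in the thread are listed.
RULES = {
    ("tcp-request", "content", "reject"): 0,
    ("block",): 0,
    ("use_backend",): 1,  # use_backend <backend> [if|unless <cond>]
}

ACCEPTED = ("if", "unless")  # an empty remainder is accepted as well


def find_missing_condition_keyword(config_text):
    """Return (line_number, unexpected_word, line) for each suspicious rule."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # drop trailing comments
        for prefix, nargs in RULES.items():
            if tuple(words[:len(prefix)]) != prefix:
                continue
            rest = words[len(prefix) + nargs:]
            if rest and rest[0] not in ACCEPTED:
                findings.append((lineno, rest[0], raw.strip()))
    return findings


# Constructed sample configuration (not taken from the thread).
SAMPLE = """\
listen constructed_example
    acl localnet dst 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
    tcp-request content reject localnet
    tcp-request content reject if localnet
    use_backend internal localnet
    use_backend internal unless localnet
    block if localnet
"""

if __name__ == "__main__":
    for lineno, word, line in find_missing_condition_keyword(SAMPLE):
        print(f"line {lineno}: expected 'if' or 'unless' before {word!r}: {line}")
```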